vendor: Jrun
by: SecurityFocus
CVSS: 7.5 HIGH
CWE: 79 (Cross-Site Scripting)
Product Name: Jrun
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Cross-Site Scripting Vulnerabilities in Macromedia Jrun

A number of cross-site scripting vulnerabilities have been reported for Macromedia Jrun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page by an unauthenticated user. Successful exploitation of this issue could potentially allow an attacker to steal an administrator's authentication credentials, likely leading to further malicious actions taking place.

Mitigation:

Input validation should be used to ensure that untrusted data is not passed to the application. Additionally, authentication should be used to ensure that only trusted users are able to access the administrative interface.
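
The mitigation above, sketched as an added example (not code from the advisory or from Macromedia): allowlist validation plus HTML output encoding for the `cluster` and `externalWebServer` parameters named in this advisory. The class name, method names and the permitted character set are assumptions; the advisory does not state which characters these parameters legitimately need.

```java
import java.util.regex.Pattern;

public class AdminParamGuard {
    // Assumed allowlist: letters, digits, '.', '_', '-', plus the ':' and '='
    // separators seen in values such as "DefaultDomain:service=...".
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9._:=-]{1,128}");

    /** Returns the value if it matches the allowlist, otherwise throws. */
    static String requireSafe(String name, String value) {
        if (value == null || !SAFE.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected parameter: " + name);
        }
        return value;
    }

    /** HTML-encodes a value for element content or a quoted attribute. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, as the container would hand them over after URL decoding.
        String[][] samples = {
            {"cluster", "cluster-01"},
            {"externalWebServer", "DefaultDomain:service=web1"},
            {"cluster", "<b>not-a-cluster-name</b>"},
        };
        for (String[] p : samples) {
            try {
                System.out.println(p[0] + " accepted: " + escapeHtml(requireSafe(p[0], p[1])));
            } catch (IllegalArgumentException e) {
                // Encode before echoing a rejected value anywhere (error page, log viewer).
                System.out.println(e.getMessage() + " -> " + escapeHtml(p[1]));
            }
        }
    }
}
```

Validation rejects unexpected input early; the encoding step is what keeps a value inert when it is written back into a page, so both are applied.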

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9112/info

A number of cross-site scripting vulnerabilities have been reported for Macromedia Jrun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page by an unauthenticated user.

Successful exploitation of this issue could potentially allow an attacker to steal an administrator's authentication credentials, likely leading to further malicious actions taking place.

http://www.example.com:8000/server/<your server>/webserver/webserverlist.jsp?action=start&externalWebServer=DefaultDomain%3aservice%3d<script code>

http://www.example.com:8000/clusterframe.jsp?cluster=<script code>